I think there are a few places that do therapy dogs that you can get into your office. If you're looking for a dog to take for a walk, try going to a local dogs trust or rescue centre. They're super friendly and will jump at the offer (mostly) as the dogs may otherwise not get out for a long walk that day.

Hello AskNetsec,Looking up information online I could not get a definite answer on legality of decompiling Android apps, which you obtained legally(purchased, signed up) and not profiting in any way from decompiling.Some resources say I need to look at EULA of the mobile app.Any help is appreciated!

It is not an infringement of copyright for a lawful user of a copy of a computer program expressed in a low level language— (a) to convert it into a version expressed in a higher level language, or (b) incidentally in the course of so converting the program, to copy it,(that is, to “decompile” it), provided that the conditions in subsection (2) are met.

The conditions are that— (a) it is necessary to decompile the program to obtain the information necessary to create an independent program which can be operated with the program decompiled or with another program (“the permitted objective”); and (b) the information so obtained is not used for any purpose other than the permitted objective.

In particular, the conditions in subsection (2) are not met if the lawful user— (a) has readily available to him the information necessary to achieve the permitted objective; (b) does not confine the decompiling to such acts as are necessary to achieve the permitted objective; (c) supplies the information obtained by the decompiling to any person to whom it is not necessary to supply it in order to achieve the permitted objective; or (d) uses the information to create a program which is substantially similar in its expression to the program decompiled or to do any act restricted by copyright.

Where an act is permitted under this section, it is irrelevant whether or not there exists any term or condition in an agreement which purports to prohibit or restrict the act (such terms being, by virtue of section 296A, void)

I reckon if the same laws that apply to desktop software (e.g. MS Word, Photoshop) would apply to mobile apps (if there are any, I am sure there are, but I don't know what they are!) Might be a direction to look in. But it should really state it in the license agreement.

At the end of the day it's end users decision if he/she wants to implement everything listed in the guide, what they find comfortable to work with, if they want to have a learning experience, if they want to switch or now etc.

the vast majority of people aren't even going to touch anything past step 2, because the vast majority of people aren't going to just up and leave whatever they were using before for Ubuntu. This is where the line between privacy and convenience comes in, and this is why personal threat model needs to be addressed first, not as a footnote.

Most people aren't going to install a whole new OS simply for privacy reasons, and the people who do (or are willing to) should be using something way better suited for that job than Ubuntu.

These "catch-all" guides just tend to further obfuscate privacy and security for the average person unfortunately - threat modeling should be the FIRST thing people learn, because nothing else truly makes sense without first knowing what you're attempting to guard against.

Hi there, thanks for commenting.It's a user's choice whether to switch or not, there is nothing we can do if the user doesn't want to switch.An average user(non-tech savvy​) will not know anything about threat modelling, what to do etc. To give a simple example: say you want to teach someone how to defend themselves, ( I hope you don't think I am being mean by using this example) I would be saying: "I know you never did martial arts, so it's best for you to run of getting mugged if can't give everything and let's learn how to throw a punch" You would say by analogue to your comment:"User should know a lot more, go for a year martial arts training etc" Does that make sense? User doesn't necessarily want to learn reasoning behind a decision but rather something they understand that protects they security and privacy, in the best scenario possible for them.Let me know if you want me to clarify furthermore.

Phishing email you may open up or accidentally click on (or social media links).

Incoming connections and low priv user really only protect your system. And someone has to make a value decision on what "malicious websites" would be blocked.

I'm certainly not wanting to turn this into more than a discussion either. :) Just trying to illustrate that I'm not sure anyone has the right answers. You can ask 100 security persons this scenario, and get 110 different answers, most of whom are correct in various ways and for various risk profiles.

JS on a non-malicious website would not get loaded/executed since all JS is blocked, except whitelisted websites that are trusted(IE Facebook, reddit, google). It will not protect from XSS on your trusted websited but that is something way outside the scope imho.Phishing email will not cause harm even if you click a link, since the domain will be blacklisted by default and JS and other things will not be loaded(which often is a main way to attack a user).Just wanted to show that for an average user, who is not targeted by professional groups this setup covers majority of threats.

Alright, thank you. Given that this is supposed to be a guide for people who don't already know the answers, I think it would be useful if more details were included to help people like me. But overall, I like the nature of what you are intending to do in your guide.